Skip to Content
Odoo Menu
  • Sign in
  • Try it free
  • Apps
    Finance
    • Accounting
    • Invoicing
    • Expenses
    • Spreadsheet (BI)
    • Documents
    • Sign
    Sales
    • CRM
    • Sales
    • POS Shop
    • POS Restaurant
    • Subscriptions
    • Rental
    Websites
    • Website Builder
    • eCommerce
    • Blog
    • Forum
    • Live Chat
    • eLearning
    Supply Chain
    • Inventory
    • Manufacturing
    • PLM
    • Purchase
    • Maintenance
    • Quality
    Human Resources
    • Employees
    • Recruitment
    • Time Off
    • Appraisals
    • Referrals
    • Fleet
    Marketing
    • Social Marketing
    • Email Marketing
    • SMS Marketing
    • Events
    • Marketing Automation
    • Surveys
    Services
    • Project
    • Timesheets
    • Field Service
    • Helpdesk
    • Planning
    • Appointments
    Productivity
    • Discuss
    • Approvals
    • IoT
    • VoIP
    • Knowledge
    • WhatsApp
    Third party apps Odoo Studio Odoo Cloud Platform
  • Industries
    Retail
    • Book Store
    • Clothing Store
    • Furniture Store
    • Grocery Store
    • Hardware Store
    • Toy Store
    Food & Hospitality
    • Bar and Pub
    • Restaurant
    • Fast Food
    • Guest House
    • Beverage Distributor
    • Hotel
    Real Estate
    • Real Estate Agency
    • Architecture Firm
    • Construction
    • Property Management
    • Gardening
    • Property Owner Association
    Consulting
    • Accounting Firm
    • Odoo Partner
    • Marketing Agency
    • Law firm
    • Talent Acquisition
    • Audit & Certification
    Manufacturing
    • Textile
    • Metal
    • Furnitures
    • Food
    • Brewery
    • Corporate Gifts
    Health & Fitness
    • Sports Club
    • Eyewear Store
    • Fitness Center
    • Wellness Practitioners
    • Pharmacy
    • Hair Salon
    Trades
    • Handyman
    • IT Hardware & Support
    • Solar Energy Systems
    • Shoe Maker
    • Cleaning Services
    • HVAC Services
    Others
    • Nonprofit Organization
    • Environmental Agency
    • Billboard Rental
    • Photography
    • Bike Leasing
    • Software Reseller
    Browse all Industries
  • Community
    Learn
    • Tutorials
    • Documentation
    • Certifications
    • Training
    • Blog
    • Podcast
    Empower Education
    • Education Program
    • Scale Up! Business Game
    • Visit Odoo
    Get the Software
    • Download
    • Compare Editions
    • Releases
    Collaborate
    • Github
    • Forum
    • Events
    • Translations
    • Become a Partner
    • Services for Partners
    • Register your Accounting Firm
    Get Services
    • Find a Partner
    • Find an Accountant
      • Get a Tailored Demo
    • Implementation Services
    • Customer References
    • Support
    • Upgrades
    Github Youtube Twitter Linkedin Instagram Facebook Spotify
    +32 2 290 34 90
    • Get a Tailored Demo
  • Pricing
  • Help
  1. APPS
  2. Attendances
  3. Door Access Control v 16.0
  4. Sales Conditions FAQ

Door Access Control

by ERP Heritage https://www.erpheritage.com.au/
Odoo
v 16.0 Third Party 44
Download for v 16.0 Deploy on Odoo.sh
Apps purchases are linked to your Odoo account, please sign in or sign up first.
Versions 16.0 17.0 18.0 19.0
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies • Attendances (hr_attendance)
• Discuss (mail)
• Employees (hr)
Community Apps Dependencies Show
• Attendance Suite Base
• EH HR Platform Core
• Face Kiosk Attendance
• EH HR Compatibility
Lines of code 4770
Technical Name eh_hr_attendance_access_control
LicenseLGPL-3
Websitehttps://www.erpheritage.com.au/
Versions 16.0 17.0 18.0 19.0
ERP Heritage · HR Platform
Physical access control for the EH attendance kiosk

Door Access Control

When a face match succeeds at the kiosk, the right employee gets the door unlocked and the attempt lands in an audit trail, allowed or denied.

Free · LGPL-3Odoo 16 CommunityLGPL-3 source on diskv1.0.0
Face match unlocks the door
Per-employee, per-zone permissions
Allowed, denied, and reader-error all audited
HTTP webhook keeps hardware vendor-neutral
Bearer token gated to admins

Why this module

Door Access Control

Match to unlock

The match is the credential

The kiosk JS wraps the face-match call and, on a success response, fires the access trigger with the matched employee id. The server resolves the device's zone, checks the permission, calls the reader, and the door opens. No badge, no PIN, no second tap.

Permissioned

Per-employee, per-zone, time-boxed

Access is a permission row joining an employee to a zone, with optional valid-from and valid-to dates and an active flag. Outside the window or without a row, the trigger returns denied and still writes the attempt to the audit log. One permission per employee per zone is enforced at the database level.

Vendor neutral

One protocol, any hardware

The module speaks a single reader protocol: an HTTP POST of an unlock command to a webhook URL you configure. Relay boards, Wiegand readers, MQTT panels, and proprietary controllers sit behind a small bridge service you run that exposes that endpoint, so the Odoo side never ships a hardware driver.

Day in the life

A contractor reaches the side entrance

They look at the kiosk. The face match succeeds, the kiosk shows its usual success screen, and in the background the access trigger fires. The server finds the zone for that site, confirms the contractor has a live permission whose valid-to has not passed, and POSTs an unlock to the door's bridge with an auto-relock interval. The bridge releases the strike, the door opens, and an access event lands with outcome allowed, the reader's response, and the milliseconds it took. A week later their permission lapses; the next match returns denied, the door stays shut, and that denial is logged just as plainly.

Edge cases

The cases most modules quietly ignore.

In the shipped code today, each one a place where a cheaper module silently does the wrong thing.

No zone for site

A kiosk at a site with no active zone records a no_zone event and returns cleanly instead of erroring. The match still succeeds for attendance.

No reader

If the zone has no active reader, the attempt is logged as no_reader. The permission check is decoupled from hardware reachability.

Reader unreachable

Network failures and timeouts are caught, the HTTP timeout is configurable per reader, and the attempt is recorded as reader_error with the exception text rather than crashing the request.

Reader denies

A 4xx from the bridge maps to reader_denied; 5xx and network errors map to reader_error. The reader's last status and last response are written back to the reader record for commissioning.

Door latency never stalls the kiosk

The trigger is fire-and-forget from the browser with keepalive; the audit row is created server-side regardless, so slow door hardware cannot slow the visible attendance flow.

Unauthorized or unthrottled callers

The trigger endpoint requires a valid kiosk device token and is rate limited per token or client IP; missing token returns 401, an unknown or cross-company employee returns 404.

Multi-company isolation

Zones, readers, permissions, and events all carry a company and are filtered by global record rules; zone codes are unique per company and the employee must belong to the device's company.

Audit growth

A daily cron prunes events older than each company's configured retention horizon, default 365 days, in capped batches so a large backlog does not run away in one pass.

What is inside

Built to do the job, end to end.

  • Four models, one endpoint, one JS hook. Zone, reader, permission, and access event models; a public POST endpoint at /eh_hr/kiosk/access/trigger; and an asset that wraps the kiosk fetch to fire the trigger on a successful match. The employee form gains an access-permissions list.
  • Reader configuration. Each reader holds a webhook URL, an optional bearer token visible only to admins, an auto-relock seconds value passed to the bridge, and a configurable HTTP timeout. A test-unlock button lets you verify the bridge is reachable during commissioning.
  • Append-only audit events. Every attempt writes an event with employee, zone, reader, site, device, outcome, the reader's response text, and elapsed milliseconds. The access control lists grant no write rights and reserve delete for admins, so the trail is add-only in practice.
  • Roles and retention. User, manager, admin, and auditor roles map onto the four models with sensible read, write, and delete splits. A daily retention sweep honours a per-company retention-days setting and works in bounded batches.

Honest about the edges

What this does not do, so nothing surprises you.

  • Ships exactly one reader protocol: an HTTP webhook POST. Relay, Wiegand, MQTT, and proprietary boards require a small bridge service you run that exposes that HTTP endpoint. No hardware driver is included.
  • The unlock fires on a successful face match only. This module extends the ERP Heritage face kiosk and depends on it; it is not a standalone badge or card reader.
  • One zone per site is acted on: when a site maps to several zones the first match wins, and multi-zone-per-site selection is noted in the code as a future enhancement.
  • There is no anti-passback, no occupancy counting, no schedule-based door auto-unlock, and no approval or escalation workflow. Permissions are a simple employee-zone row with an optional date window.
  • Audit events are append-only by access rights, not cryptographically sealed; an admin retains delete rights and the retention cron removes aged rows by design.
  • Each successful match fires its own trigger; there is no de-duplication or idempotency key, so a door configured with a short auto-relock is the intended way to bound repeated unlocks.
Search

Odoo 16 door access control, Odoo attendance access control, biometric door unlock Odoo, face recognition door access, Wiegand bridge Odoo, relay door unlock webhook, per employee zone permission, access event audit trail, kiosk face match unlock, hr_attendance physical access, vendor neutral access reader, multi company access control Odoo

Work with ERP Heritage

Need this fitted to the way you work?

ERP Heritage delivers end to end Odoo work: Odoo Implementation, Customization and Development, Integration, Migration, Consultation, Support and Training. We help teams put this module into production, shape it to their process, and keep it running.

Build and tailor
Odoo Implementation, Customization and Development, scoped to your workflow.
Connect and move
Odoo Integration and Migration across systems and Odoo versions.
Run and support
Odoo Support and Training so your team stays productive after go live.
Plan and advise
Odoo Consultation and ERP Consulting, from discovery to roadmap.

We work with businesses across Australia (Melbourne, Sydney, Brisbane, Perth, Adelaide, Canberra) and the Middle East (Dubai, Abu Dhabi, Riyadh, Jeddah, Doha, Kuwait City, Muscat). Start a conversation at erpheritage.com.au or email info@erpheritage.com.au.

ERP Heritage

Production-grade Odoo HR, built to an engineering bar and documented honestly. Support: info@erpheritage.com.au
Developed by ERP Heritage - Top Odoo Partner

v1.0.0 · LGPL-3 · Odoo 16 Community

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author, please use the developer contact information. They can usually be found in the description.
Community
  • Tutorials
  • Documentation
  • Forum
Open Source
  • Download
  • Github
  • Runbot
  • Translations
Services
  • Odoo.sh Hosting
  • Support
  • Upgrade
  • Custom Developments
  • Education
  • Find an Accountant
  • Find a Partner
  • Become a Partner
About us
  • Our company
  • Brand Assets
  • Contact us
  • Jobs
  • Events
  • Podcast
  • Blog
  • Customers
  • Legal • Privacy
  • Security

Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project management, etc.

Odoo's unique value proposition is to be at the same time very easy to use and fully integrated.

Website made with